Executive Publications: Information Security

A Better Way to Battle Malware

Tim Laseter

M. Eric Johnson
strategy + business

Emulating the methods used to transform production quality could clean up the Internet and might even pay for itself.

Article (347KB)

Topics: Information Security, Internet / Connectivity, Strategy

The Human Element

M. Eric Johnson
Tuck Today

Forget technology. It's people that are keeping information security professionals up at night, says professor Eric Johnson. We are connected. The number of devices accessing the Internet today easily exceeds the world's population and will likely reach 50 billion by the end of the decade. This connectivity has transformed how we do business and the way we live, but it also has a dark side. With trillions of emails, instant messages, and social media posts floating around in cyberspace, information is now harder than ever to protect.

Topics: Culture, Information Security

Human Behavior and Security Culture - America

M. Eric Johnson, Jeff Moag
CISO Information Security Workshop Publication

A workshop for information security executives convened to examine information security risks and challenges posed by human behavior. The workshop included security leaders from Automatic Data Processing, Inc., Bechtel, Cigna, Cisco, Colgate-Palmolive, Eastman Chemical Company, eBay, General Dynamics, Goldman Sachs, L.L. Bean, the MITRE Corporation, Providence Health & Services, Praxair, Staples, Starwood Hotels & Resorts Worldwide, Stream Global Services, Time Inc., and the U.S. Department of Homeland Security, as well as academics from the Tuck School of Business at Dartmouth. 

Human Behavior and Security Culture (279K)

Topics: Culture, Data, Information Security

Human Behavior and Security Culture - Europe

Jeff Moag

Hans Brechbühl, Tim Paradis
CISO Information Security Workshop Publication

A workshop for European information security executives convened June 20–21, 2011 to examine information security risks and challenges posed by human behavior. The workshop included security leaders from ABB, adidas, Cisco Systems, Clariant, Deloitte, Hilti, Holcim, the NATO Communication and Information Systems Services Agency, Nestlé, Nokia, Siemens, Swiss Re, Tetra Pak, Thomson Reuters, the Swiss Federal Office of Information Technology, Systems and Telecommunication, TÜV Rheinland, and UBS, as well as academics from the Tuck School of Business at Dartmouth and the University of St. Gallen.

Overview (298K)

Topics: Culture, Data, Information Security

Assessing Risk in Turbulent Times

M. Eric Johnson, Jeff Moag
Workshop for Information Security Executives

This workshop for information security executives was hosted by the Institute for Information Infrastructure Protection (I3P) and the Tuck School of Business’s Center for Digital Strategies, both at Dartmouth College.

Overview in PDF Format (359K)

Topics: Controls / Metrics, Information Security, Information Technology, Organization, Strategy

Security through Information Risk Management

A Workshop for Information Security Executives, 2007

Protecting against economically-driven threats requires building security into the culture so that everyone can recognize the risks. This article looks at the role of CISOs and directors of information security in building a secure organization. 

Overview in PDF Format (308K)

Topics: Information Security, Risk

Using and Stewarding Customer Data

Roundtable on Digital Strategies Publication

How has the view of the use of customer data changed in the last few years? This written overview looks at strategies for meeting and exceeding customer expectations with data use. 

Overview in PDF Format (215K)

Topics: Customer, Data, Governance, Information Security, Privacy

Security Beyond the Ports

Charles H. White, Jr. (T'68)
The Journal of Commerce

This article discusses the controversial P&O-DP World deal and considers how America’s global supply chains do not begin and end at the ports, and how neither should our security focus.

Article in PDF Format (24K)

Topics: Information Security, Supply Chain

Embedding Information Security Risk Management into the Extended Enterprise

Executive Workshop Publication

This Workshop on Developing a Secure Organization convened to discuss how companies are embedding information security risk management into the extended enterprise. In today’s outsourced enterprises, effective risk management is quickly becoming a source of competitive advantage. The technology community has made much progress in the past five years improving the technical aspects of security. Yet moving the needle on information security is a team activity, requiring participation by everyone in the corporation. The hardest remaining issues involve people and organizations. In this workshop, CISOs from Fortune 500 firms gathered to debate the challenges of organizing for security.

Overview in PDF Format (194K)

Topics: Extended Enterprise, Information Security, Information Technology, Risk

Economically Complex Cyberattacks

Scott Borg
IEEE Security and Privacy

Most people working in cybersecurity recognize that the interconnections and complexities of our economy can have a huge effect on the destructiveness of cyberattacks. They refer casually to “network effects,” “spillover effects,” or “knock-on effects.” Yet there is little understanding of how such effects actually work, what conditions are necessary to create them, or how to quantify their consequences.

Article in PDF Format (67K)

Topics: Data, Information Security

A Broader Context for Information Security

M. Eric Johnson
Financial Times

This article looks at the goal of effective risk management for information technology, which is not the elimination of security failures, but rather reducing their cost while empowering the business to take appropriate risks. 

Article in PDF Format (73K)

Topics: Information Security, Information Technology, Risk

Security and Privacy: At Odds with Speed and Collaboration?

Roundtable on Digital Strategies Publication

This roundtable discussion focused on the impact of increased security and privacy of information on businesses, and organizational changes that would serve to ameliorate the impact. Experience their findings and learnings in this written overview.

Overview in PDF Format (27K)

Topics: Collaboration, Culture, Information Security, Information Technology, Privacy, Risk